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AMENDMENTS TO THE CLAIMS 

Please amend the claims as follows. 

1 . (Currently Amended) A method of controlling access to resources, said method comprising: 

receiving, by a server, a first request for a resource, said first request comprising a first 
requestor identifying information, wherein said first requestor identifying 
information identifies a first requestor; 

referring, by said server, said first request to a remote source, wherein said remote source 
evaluates said first request in response to said referring to generate a first policy 
decision, wherein said first policy decision is based on a policy definition governing 
access to said resource and based on said first requestor identify information; 

receiving, by said server, said first policy decision from said remote source, wherein said 
first policy decision is for said first requestor; 

storing [[a]] said first policy decision for [[a]] said resource in local memory , wherein said 
local memory further comprises a second policy decision, wherein said second policy 
decision is based on a second requestor identifying information, and wherein said 
second policy decision is for a second requestor identified by said second requestor 
identifying information , said policy decision rocoivod from a remote source of policy 
definitions, said policy decision based on a policy definition governing access to said 
resource and on requestor identifying information provided to said remote source ; 

receiving a second an initial request for access to said resource, said initial said second 
request comprising said first requestor identifying information; 

evaluating said initial said second request using said first policy decision in said local 
memory; 

receiving a notification from said remote source of a change in said policy definition, said 

notification identifying said first policy decision resource ; 
invalidating said first policy decision based on said notification; 
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receiving a subsequent third request for access to said resource, said subsequent third request 
comprising said second requestor identifying information , wherein said second 
requestor identifying information identifies said second requestor; 

evaluating said third request using said second policy decision in said local memory, 
wherein said first policy decision is invalidated and said second policy decision is 
valid in local memory when said third request is evaluated; 

receiving, by said server, a fourth request for said resource after said third request is 
received, said fourth request comprising said first requestor identifying information, 
wherein said fourth requestor identifying information identifies said first requestor; 

identifying, by said server in response to said fourth request, said first policy decision as 
invalid; 

referring, by said server, said fourth request to said remote source when the first policy 
decision is identified as invalid, wherein said remote source evaluates said fourth 
request in response to said referring to generate a third policy decision; 
receiving, by said server, said third policy decision from said remote source ; and 
evaluating said fourth request subsequent request based on said third policy decision 
notification . 

2. (Previously Presented) The method of Claim 1 wherein said resource is affiliated with another 
resource, and wherein further a policy decision for said other resource is received from said 
remote source and stored in said local memory. 

3. (Cancelled) 

4. (Cancelled) 

5. (Cancelled) 

6. (Cancelled) 

7. (Cancelled) 
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8. (Previously Presented) The method of Claim 1 wherein a period of time said policy decision is 
valid is also received from said remote source and stored locally. 

9. (Previously Presented) The method of Claim 1 wherein a condition associated with said policy 
definition is also received from said remote source and stored locally, wherein said condition is 
enforced locally. 

10. (Currently Amended) A method of controlling access to resources, said method comprising: 

receivin g, by a server, a first an initial request for access to a first resource, said initial first 
request comprising a first requestor identifying information, wherein said first 
requestor identifying information identifies a first requestor initial request is referred 
to a remote source of a policy definition that governs access to said resource for 
evaluation ; 

referring, by said server, said first request to a remote source, wherein said remote source 
evaluates said first request in response to said referring to generate a first policy 
decision, wherein said first policy decision is based on a policy definition governing 
access to said first resource and based on said first requestor identify information; 

receiving , by said server, from said remote source [[a]] said first policy decision for said first 
resource , wherein said first policy decision is for said first requesto r , said policy 
decision based on said policy definition and said requestor identifying information ; 

storing said first policy decision in local memory , wherein said local memory further 
comprises a second policy decision, wherein said second policy decision is based on 
a second requestor identifying information, and wherein said second policy decision 

evaluated locally using said policy decision stored in said local memory; and 
receiving a second request for access to said resource, said second request comprising said 

first requestor identifying information; 
evaluating said second request using said first policy decision in said local memory; 
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receiving a notification from said remote source of a change in said policy definition, said 

notification identifying said first resourc e, wherein a request for access to said 

resource received after said notification is evaluated based on said notification ; and 
invalidating said first policy decision based on said notification and said first policy decision 

associated with said first resource; 
receiving a third request for access to said resource, said third request comprising said 

second requestor identifying information, wherein said second requestor identifying 

information identifies said second requestor; 
evaluating said third request using said second policy decision in said local memory, 

wherein said first policy decision is invalidated and said second policy decision is 

valid in local memory when said third request is evaluated; 
receiving, by said server, a fourth request for said resource after said third request is 

received, said fourth request comprising said first requestor identifying information, 

wherein said fourth requestor identifying information identifies said first requestor; 
identifying, by said server in response to said fourth request, said first policy decision as 

invalid; 

referring, by said server, said fourth request to said remote source when the first policy 
decision is identified as invalid, wherein said remote source evaluates said fourth 
request in response to said referring to generate a third policy decision; 

receiving, by said server, said third policy decision from said remote source; and 

evaluating said fourth request based on said third policy decision . 

11. (Currently Amended) The method of Claim 10 wherein said first resource is affiliated with 
another resource, wherein a policy decision for said other resource is received from said remote 
source and stored in said local memory. 

12. (Cancelled) 

13. (Cancelled) 

14. (Cancelled) 
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15. (Cancelled) 

16. (Cancelled) 

17. (Currently Amended) The method of Claim 10 further comprising: 

receiving information that identifies a period of time said first policy decision is valid. 

18. (Previously Presented) The method of Claim 10 further comprising: 

receiving from said remote source a condition associated with said policy definition, wherein 
said condition is enforced locally. 

19. (Currently Amended) A computer-usable medium having computer-readable program code 
embodied therein for causing a computer system to perform a method of controlling access to 
resources, said method comprising: 

receiving, by a server, a first request for a first resource, said first request comprising a first 
requestor identifying information, wherein said first requestor identifying 
information identifies a first requestor; 

referring, by said server, said first request to a remote source, wherein said remote source 
evaluates said first request in response to said referring to generate a first policy 
decision, wherein said first policy decision is based on a policy definition governing 
access to said first resource and based on said first requestor identify information; 

receiving, by said server, said first policy decision from said remote source, wherein said 
first policy decision is for said first requestor; 

storing in local memory [[a]] said first policy decision for [[a]] said first resource , wherein 
said local memory further comprises a second policy decision, wherein said second 
policy decision is based on a second requestor identifying information, and wherein 
said second policy decision is for a second requesto r , said policy decision received 
from a remote source of policy definitions, said policy decision based on a policy 
definition governing access to said first resource and on requestor identifying 
information provided to said source ; 
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receiving an initial a second request for access to said first resource, said initial said second 
request comprising said first requestor identifying information; 

evaluating said initial second request using said first policy decision stored in said local 
memory; 

receiving a notification from said remote source of a change in said policy definition, said 

notification identifying said first policy decision first resource ; 
invalidating said first policy decision based on said notification; 

receiving a subsequent third request for access to said first resource , said third request 
comprising said second requestor identifying information, wherein said second 
requestor identifying information identifies said second requestor; 

evaluating said third request using said second policy decision in said local memory, 
wherein said first policy decision is invalidated and said second policy decision is 
valid in local memory when said third request is evaluated; 

receiving, by said server, a fourth request for said resource after said third request is 
received, said fourth request comprising said first requestor identifying information, 
wherein said fourth requestor identifying information identifies said first requestor; 

identifying, by said server in response to said fourth request, said first policy decision as 
invalid; 

referring, by said server, said fourth request to said remote source when said first policy 
decision is identified as invalid, wherein said remote source evaluates said fourth 
request in response to said referring to generate a third policy decision; 
receiving, by said server, said third policy decision from said remote source ; and 
evaluating said subsequent fourth request based on said third policy decision notification . 

20. (Previously Presented) The computer-usable medium of Claim 19 wherein said first resource is 
affiliated with another resource, wherein a policy decision for said other resource is received 
from said remote source and stored in said local memory. 

21. (Cancelled) 
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22. (Cancelled) 

23. (Currently Amended) The computer-usable medium of Claim 19 wherein a period of time said 
first policy decision is valid is also received from said remote source and stored locally. 

24. (Previously Presented) The computer-usable medium of Claim 19 wherein a condition 
associated with said policy definition is also received from said remote source and stored 
locally, wherein said condition is enforced locally. 



25-32. (Cancelled) 



